01-06-2009 04:54 AM
Excuse me if my question is a repeat, but the matter is that I have been following instructions from similar topics from this forum, but no success yet!
I have SSG-350M (6.0.0.r4). On the Untrust interface it is having address 220.127.116.11/24 (Default Gateway= 18.104.22.168). All the range is available for MIP or DIP. On the Trust interface the ip is 192.168.1.1/24. I have a server whose ip= 192.168.1.48, and I want to map it to 22.214.171.124, so that when this server access Internet (Traffic from Server/Trust to any/Untrust) it will use that address. Also I want any service request to 126.96.36.199 from any/Untrust be forwarded to the 192.168.1.48. On the Untrust interface I created new MIP (188.8.131.52) and Host= 192.168.1.48 mask=32. In policies I permit traffic from Server/Trust to any/Untrust. Also I add a second policy to permit any/Untrust towards MIP(184.108.40.206)/Trust any/service. When I use server to access the site www.whatismyip.com, I will get 220.127.116.11 means it works fine in this direction. But when I try to connect to the server using Remote Desktop (RDP) from another Internet connection (I try to connect to 18.104.22.168) nothing happens! I tried to ping also no success! While from my LAN PC (192.168.1.90) I can ping that server (192.168.1.48) and I can connect to it using RDP!! What could be wrong? Can it be a firmware issue?
Many Thanks in advance for your support!
Solved! Go to Solution.
01-06-2009 10:06 AM
If all else fails, I would debug the traffic to see what the Firewalls is doing with it. Try the following. If you need help reading the "db str", post the results. Good luck.
1. From Firewall:
set ff dst-ip 22.214.171.124
set ff dst-ip 192.168.1.48
debug flow basic
2. From Test PC:
test from Untrust (e.g. try to RDP)
3. From Firewall:
get db str
4. Review the stream. You should see the traffic arrive, route look-up, policy check, and forwarded.
01-07-2009 11:21 PM
Thank you All!
I did as told, but nothing strange found in the captured data! I made a visit to the site, and I found that the customer is placing a Cyberoam Firewall in Transparent Bridging Mode, between the 192.168.1.x segment and the Juniper LAN. They are using the Cyberoam to control Bandwidth. The Cyberoam administrator added a rule to allow traffic inbound towards the server and now everything is working fine!
Many Thanks for your support!